Added: 02/13/2012
CVE: CVE-2011-3478
BID: 51592
OSVDB: 78532
Symantec pcAnywhere is a suite of remote connectivity applications that allow users of a system to access their system remotely.
A stack overflow exist in the pcAnywhere Host Service when parsing login names. An attacker can send a malicious login to trigger this vulnerability, which may result in arbitrary code execution.
Symantec has suggested that customers stop using pcAnywhere, as they are no longer supporting the product.
<http://www.frequentbusinesstraveler.com/2012/01/symantec-to-users-stop-using-pcanywhere/>
This exploit has been tested against Symantec pcAnywhere 12.5.0.442 on Windows XP SP3 English (DEP OptIn) with KB957579 and KB2483185.
Windows